Network worms


Network worms have become one of the biggest security problems on the Internet. The huge number of homogeneously configured exploitable hosts makes it easy for worms to spread, sometimes to the point where the network activity of a worm scanning for hosts and exploiting them causes problems simply because of the huge amount of network traffic involved (the SQL/Slammer worm being the most dramatic example, bringing much of the Internet to a halt for a couple of hours due to its extremely aggressive scanning).

The SQL/Slammer worm exploited a vulnerability in Microsoft SQL Server which allowed arbitrary code execution; as SQL Server could accept requests on both standard TCP and UDP ports, the worm was constructed to fit in a single UDP packet. A vulnerable SQL Server would be compromised simply by processing the exploit packet, and would then begin sending copies of the exploit packet to randomly-generated IP addresses at whatever rate the network link could support. This resulted in extremely rapid spread: it is estimated that the worm had reached all exploitable hosts within about 30 minutes of its initial release (although it may have been seeded to a few chosen well-connected hosts to help its spread, which was also timed for a Friday night in North America). Once the worm was discovered, filtering the port used by Microsoft SQL Server reduced its spreading rate.

In July 2002 the Code Red worms (there were at least two major variants) spread among vulnerable Microsoft IIS systems. While the network effects of these worms were not as drastic and the infection rate was more gradual than that of the SQL/Slammer worm, Code Red did not just spread itself but substantially compromised the systems it infected (usually by placing copies of CMD.EXE in CGI directories). Security researchers obtained several interesting results by watching the spread of the Code Red variants. One was that the method of random scanning used by a worm affected its spread: the second major variant of Code Red used a different distribution of random IP addresses when scanning, which caused it to spread faster. Another observation was that a large number of hosts remained unpatched long after the initial spread of the worm, despite tremendous publicity.
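As an added example that is not part of these notes, the following Python model quantifies the two points made above: that a random-scanning worm's time to saturation is set by the per-host scan rate and the size of the vulnerable population, and that filtering the exploited port lowers that rate. It pairs the standard logistic (random constant spread) closed form with a seeded stochastic simulation; all parameter values are constructed, not measured Slammer or Code Red figures.

```python
"""Random-scanning worm spread model (added example, not from these notes).

Each infected host emits a fixed number of single-packet exploit attempts per
tick at uniformly random addresses; an attempt that lands on a vulnerable, not
yet infected host infects it immediately.  Parameter values are constructed.
"""
import math
import random


def spread_rate(address_space, vulnerable, scans_per_tick, filtered_fraction=0.0):
    """Rate constant K of the random-constant-spread model: expected new
    infections per infected host per tick while nearly all hosts are still
    susceptible.  Upstream port filtering simply scales K down."""
    return (1.0 - filtered_fraction) * scans_per_tick * vulnerable / address_space


def ticks_to_fraction(target, rate, vulnerable):
    """Closed-form logistic solution: ticks until `target` (0 < target < 1) of
    the vulnerable population is infected, starting from one infected host."""
    start_odds = 1.0 / (vulnerable - 1)            # a0 / (1 - a0) with a0 = 1/V
    return math.log((target / (1.0 - target)) / start_odds) / rate


def _poisson(rng, lam):
    """Poisson draw: Knuth's method for small means, normal approximation for
    large ones (where exp(-lam) would underflow)."""
    if lam > 30:
        return max(0, int(round(rng.gauss(lam, math.sqrt(lam)))))
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate(address_space, vulnerable, scans_per_tick, filtered_fraction=0.0,
             target=0.99, seed=1, max_ticks=100_000):
    """Seeded stochastic run; returns ticks until `target` of the vulnerable
    hosts are infected, or None if max_ticks runs out.  Vulnerable hosts are
    indexed 0..V-1; their real addresses are irrelevant for uniform scanning."""
    rng = random.Random(seed)
    p_hit = (1.0 - filtered_fraction) * vulnerable / address_space
    infected = {0}                                  # a single seed host
    for tick in range(1, max_ticks + 1):
        hits = _poisson(rng, len(infected) * scans_per_tick * p_hit)
        for _ in range(hits):
            infected.add(rng.randrange(vulnerable))  # repeat hits are wasted
        if len(infected) >= target * vulnerable:
            return tick
    return None
```

Comparing `simulate(...)` with and without `filtered_fraction` shows the effect of port filtering on time to saturation, and the closed form shows why doubling the scan rate halves it.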



Steve VanDevender
Last modified: Mon Aug 4 11:20:28 PDT 2003